Network Setup
This page covers networking considerations first, then xinetd, and then inetd.

Considerations
This document assumes a few things. First, it assumes that your server can be reached from the outside internet. SysOps should be familiar with how to port forward from a router or an access point to their internal box. This document also assumes that SysOps know how to set up effective incoming firewalls, but to touch on a few good ideas in summary:
#Your router or switch should only forward the ports necessary for the BBS and any other services you're intentionally running.
#For the BBS only: forward ports 21, 22, and 23 to your BBS's internal IP address.
#If you use non-standard ports...you probably already have the knowledge to do all of this yourself :)
#For http/https services external to DayDream, open up 80 and 443 as well.
#Never, ever, under any circumstances, put the BBS box in the router's DMZ (forwarding every port to it). You may as well invite hackers over to your house and just give them the keys.
#Set up good iptables rules. A good front end on Linux nowadays is gufw (the graphical front end to ufw).
#Duplicate whatever you've set up at your router in the host's own iptables rules. If the router is misconfigured or compromised, the host still enforces the same policy.
#Lock down the bbs and zipcheck users so they cannot make outgoing connections (iptables can match on the owning user of a packet in the OUTPUT chain).
#If you allow SSH connections, shut off SFTP!
Keep in mind that Telnet and FTP carry credentials and session data in cleartext; of the three forwarded services, only SSH is encrypted.

Create this file first
Create a file called rundd in your base DayDream directory. We will assume that all standard /home/bbs configurations have been made. If you have something non-standard...figure it out. :)
First, if you're using a script to set ownership, make the /home/bbs/rundd file look like this:

 #!/bin/bash
 # Fix ownership of the BBS tree, then hand the connection to the telnet
 # daemon as user bbs. exec replaces the shell so ddtelnetd owns the socket.
 /home/bbs/ownbbs.sh
 exec /home/bbs/bin/ddtelnetd -ubbs

If you aren't going to bother with the ownership script, just put this in there:

 #!/bin/bash
 exec /home/bbs/bin/ddtelnetd -ubbs

Of course, after making the script, make it executable:

 chmod +x /home/bbs/rundd

xinetd setup
We're going to assume you want to use TELNET (by way of ddtelnetd), SSH, and FTP (by way of ddftpd) on standard ports. If this deviates from your system, adjust accordingly.
Make sure you have an SSH daemon set up on your distribution. There are countless ways to do this; look up the easiest way for your distro and make sure you can 'ssh localhost' before moving on.
Make sure you have the following lines uncommented and set appropriately in /etc/services:

 ftp     21/tcp
 telnet  23/tcp

Now change directories into /etc/xinetd.d/ and check whether anything in there is dedicated to the services 'ftp' or 'telnet'. If so, remove it; xinetd reads every file in that directory, and two stanzas for the same service will conflict.
As root, create the file /etc/xinetd.d/telnet and make it look like this:

 service telnet
 {
     socket_type     = stream
     protocol        = tcp
     wait            = no
     user            = root
     server          = /home/bbs/rundd
     flags           = REUSE NODELAY KEEPALIVE
     log_on_failure  += USERID
 }

For the ftp server, ddftpd, create the file (as root) /etc/xinetd.d/ftp and make it look like this:

 service ftp
 {
     socket_type     = stream
     protocol        = tcp
     wait            = no
     user            = root
     server          = /home/bbs/bin/ddftpd
     server_args     = -D/home/bbs -p/home/bbs/bin/daydream
     log_on_success  += DURATION
     nice            = 10
     disable         = no
     env             = DAYDREAM=/home/bbs
 }

inetd setup
I have no way to test this. I have nothing using inetd, so this is all hypothetical.
I believe it's as simple as making sure these two lines live in your /etc/inetd.conf:

 telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  /home/bbs/rundd
 ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  /home/bbs/scripts/runftp.sh

Since both services go through tcpd (TCP Wrappers), /etc/hosts.allow and /etc/hosts.deny also decide who may connect to them.
And finally, you'll need to create the script /home/bbs/scripts/runftp.sh and make it look like this:

 #!/bin/bash
 # Load the DayDream environment, then run the FTP daemon on the socket
 # inherited from inetd. exec replaces the shell so ddftpd owns the socket.
 . /home/bbs/scripts/ddenv.sh
 exec /home/bbs/bin/ddftpd -D/home/bbs -p/home/bbs/bin/daydream

And of course, after creating this file:

 chmod +x /home/bbs/scripts/runftp.sh

Done!
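The firewall points in Considerations and the xinetd stanza above can be turned into something you can check rather than eyeball. The script below is an added example written for this page; it is not part of DayDream or of the original text. gen_rules emits an iptables-restore ruleset that mirrors the router on the host itself (default-deny inbound, only 21/22/23 open, and no new outbound connections from the bbs and zipcheck accounts, using the iptables owner match). gen_xinetd_telnet prints the page's telnet stanza with xinetd's own instances, per_source and cps limits added; those numbers are illustrative, not values from the page. sftp_disabled checks an sshd_config for an active Subsystem sftp line. That the host running the script is the BBS box, that the service accounts are named bbs and zipcheck, and that sshd reads /etc/ssh/sshd_config are assumptions, not statements from the page.

```shell
#!/bin/sh
# Added example for the Considerations and xinetd sections; not DayDream's own
# tooling. Assumptions not stated on the page: this host is the BBS box, the
# service accounts are 'bbs' and 'zipcheck', sshd reads /etc/ssh/sshd_config.

BBS_PORTS="21 22 23"          # ftp, ssh, telnet, as forwarded at the router
LOCKED_USERS="bbs zipcheck"   # accounts that must not dial out

# Emit an iptables-restore ruleset duplicating the router policy on the host:
# default-deny inbound, only the BBS ports open, and no new outbound
# connections from the locked-down accounts (owner match is OUTPUT-only).
gen_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $BBS_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for u in $LOCKED_USERS; do
        # Only NEW connections are refused, so replies on sessions the BBS
        # accepted still flow; REJECT gives the process an immediate error.
        printf '%s\n' "-A OUTPUT -m owner --uid-owner $u -m conntrack --ctstate NEW -j REJECT"
    done
    printf '%s\n' 'COMMIT'
}

# The page's telnet stanza plus connection limits xinetd supports natively.
# The limits are illustrative values, not from the page.
gen_xinetd_telnet() {
    cat <<'EOF'
service telnet
{
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /home/bbs/rundd
    flags           = REUSE NODELAY KEEPALIVE
    log_on_failure  += USERID
    log_on_success  += HOST PID EXIT
    # total concurrent telnet sessions
    instances       = 30
    # concurrent sessions per client address
    per_source      = 4
    # at most 10 new connections per second, else pause the service 60s
    cps             = 10 60
}
EOF
}

# "If you allow SSH connections, shut off SFTP": succeed only if the given
# sshd_config has no active (uncommented) 'Subsystem sftp' line.
sftp_disabled() {
    ! grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp' "$1"
}

# With no argument, print what would be installed; 'apply' loads the rules,
# writes the xinetd stanza and checks sshd_config (root required).
case "${1:-show}" in
    apply)
        gen_rules | iptables-restore
        gen_xinetd_telnet > /etc/xinetd.d/telnet
        sftp_disabled /etc/ssh/sshd_config || echo 'WARNING: sftp subsystem still enabled' >&2
        ;;
    *)
        gen_rules
        gen_xinetd_telnet
        ;;
esac
```

Run it without arguments to review the output, then as root with apply to install it; iptables-restore replaces the filter table wholesale, so merge these rules into any ruleset you already have and persist them with your distribution's mechanism, since they do not survive a reboot on their own. One caveat on the outbound lockdown: active-mode FTP data connections originate from the server, so if ddftpd drops to the bbs user before opening them, the OUTPUT rule will refuse them and you will need either passive mode or an explicit exception for connections from source port 20.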